As we all head off to KubeCon this week, we have some exciting updates to share… The Project Calico development community has been hard at work recently, culminating in two milestone releases over the last week.
- Calico version 1.6 rolls up a number of recent features and fixes into a stable evolution release that is a recommended upgrade for all users of the project on version 1.5 or earlier.
- Calico version 2.0 beta, as the name suggests, is for early adopters keen to get their hands on the very latest code. And as the increment in the major version number implies, there’s a lot going on under the hood.
So without further ado, let’s take a look at what the team has been up to…
- Improved Docs! Yay! We are aware that documentation is super important for any open source project. And yet, as Calico extended its platform support to encompass Docker, OpenStack, bare metal, Mesos, DC/OS, Kubernetes, Canal, … it has been clear that our docs have not kept pace. This release fixes some of that accumulated “documentation debt”, and more importantly puts a much better, versioned framework in place, at docs.projectcalico.org.
- Hybrid orchestrator deployments. For those deploying Calico on multiple platforms – for example both OpenStack and Kubernetes – the Felix InterfacePrefix setting (which tells Felix which host interfaces it should manage and police, e.g. "cali" for Kubernetes and Docker workloads and "tap" for OpenStack VMs) now supports multiple values, allowing those clusters to peacefully co-exist on the same hosts. (Thanks to Alex Saprykin at Mirantis for help with that one!)
- Pluggable routing stack. Thanks to Wataru Ishida at NTT for implementing support for GoBGP as an option for users who want a different routing stack from BIRD. This is a great example of how community co-operation helps create a more flexible project that addresses a broader range of use cases. Note that use of GoBGP is still considered experimental – BIRD is still more extensively tested with Calico – but we are really excited about the potential of GoBGP.
- Improved security. Calico now supports Subject Alternative Names (SANs) in X.509 TLS certificates, which are used for example for securing Calico's connection to etcd datastore servers. A SAN extension lets a single certificate carry every DNS name and IP address a server is reached by, so that certificate verification succeeds however the endpoint is spelled in the client's configuration, instead of relying on a single Common Name.
- A win for those using Docker libnetwork: the plugin is now bundled in the calico/node container so there is no need to install or run it separately. Dockerization FTW!
- Various other fixes and enhanced diagnostics to improve overall robustness and keep the ops teams happy.
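To make the SAN point concrete, here is an added example (not Calico's own tooling or scripts) that mints an etcd server certificate from a throwaway CA twice, once with a subjectAltName listing the DNS names and IPs clients will dial and once with only a CN, and then checks which endpoints each certificate is valid for using `openssl verify`. The names and addresses (etcd-0, etcd-0.cluster.internal, 10.0.0.10, 10.0.0.11) are assumed placeholders; substitute whatever your Calico nodes are configured to dial for etcd.

```shell
#!/usr/bin/env bash
# Added example, not from the Calico project: issue an etcd server certificate with and
# without subjectAltName entries and check which endpoints each one verifies for.
# All hostnames and IP addresses below are assumed placeholders.
set -eu

WORK="$(mktemp -d)"

# Minimal openssl configs so the example does not depend on the system openssl.cnf.
write_cnf() {
  cat > "$WORK/ca.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = calico-etcd-ca
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
  cat > "$WORK/csr.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
[dn]
CN = etcd-0
EOF
  # Extensions applied at signing time. The SAN list must cover every way a client
  # names the server: short name, FQDN, and the raw IPs used in endpoint URLs.
  cat > "$WORK/san.ext" <<'EOF'
subjectAltName = DNS:etcd-0, DNS:etcd-0.cluster.internal, IP:10.0.0.10, IP:127.0.0.1
extendedKeyUsage = serverAuth
EOF
  echo "extendedKeyUsage = serverAuth" > "$WORK/nosan.ext"
}

make_certs() {
  write_cnf
  cd "$WORK"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config ca.cnf \
    -keyout ca.key -out ca.crt >/dev/null 2>&1
  openssl req -new -newkey rsa:2048 -nodes -config csr.cnf \
    -keyout etcd.key -out etcd.csr >/dev/null 2>&1
  # The same CSR signed twice: once with SANs, once carrying only the CN.
  openssl x509 -req -in etcd.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 1 -extfile san.ext -out etcd-san.crt >/dev/null 2>&1
  openssl x509 -req -in etcd.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 1 -extfile nosan.ext -out etcd-cnonly.crt >/dev/null 2>&1
  cd - >/dev/null
}

# cert_valid_for CERT ENDPOINT: exit 0 if CERT chains to our CA *and* matches ENDPOINT.
# Dotted-quad endpoints are checked against IP SANs, anything else against DNS SANs
# (a CN is only ever consulted for DNS names, never for IPs; IPv6 literals not handled).
cert_valid_for() {
  local cert="$1" target="$2" flag="-verify_hostname"
  case "$target" in
    *[!0-9.]*) ;;
    *) flag="-verify_ip" ;;
  esac
  openssl verify -CAfile "$WORK/ca.crt" "$flag" "$target" "$WORK/$cert" >/dev/null 2>&1
}

make_certs
for cert in etcd-san.crt etcd-cnonly.crt; do
  for ep in etcd-0 etcd-0.cluster.internal 10.0.0.10 etcd-1 10.0.0.11; do
    if cert_valid_for "$cert" "$ep"; then status="valid"; else status="REJECTED"; fi
    printf '%-16s %-24s %s\n' "$cert" "$ep" "$status"
  done
done
```

The practical lesson is the second half of the table: a certificate with no IP SAN is rejected the moment a client dials etcd by address (as endpoint URLs commonly do), and neither certificate can be presented by a different member such as etcd-1 without that name being in its SAN list. Generate one certificate per member with that member's full set of names and addresses, or one shared certificate that lists all of them, and let the client verify against the CA rather than disabling verification.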
The v2.0 beta includes all the enhancements in v1.6, plus the following:
- The calicoctl command line utility adopts a new UX model that is much more closely aligned with Kubernetes. In particular it uses a resource object model (allowing, for example, policy to be defined in YAML files) and supports applying policy to endpoints using label-based selectors. Kubernetes users get advanced policy capabilities through a familiar interface, and users of other platforms get the same rich feature set through a Network Policy interface consistent with that of Kubernetes.
- Calico is already widely recognized as the highest performing, best scaling cloud networking solution. With v2.0, we further extend that lead with some major performance improvements, particularly around resync / catch-up behavior (which is important in large cluster start-up scenarios where there is the heaviest load on the network), resulting in up to 10x faster convergence along with significant reductions in total CPU load. We will be doing more performance benchmarking and sharing real-world results as we have them.
- Calico now has a pluggable model for its backing key-value datastore. The default option is still to use etcd, a datastore proven at scale, but for Kubernetes deployments we now also support using Kubernetes itself as the datastore (reading desired state directly from the Kubernetes API server). This feature – which is still officially experimental, and requires Calico to run in policy-only mode, e.g. when running as part of a Canal deployment – enables a simpler install and operational experience for Kubernetes, as the separate etcd install step can be skipped.
- Another experimental pluggable API allows Calico to use alternate data planes. While many users love the fact Calico uses the standard Linux L3 forwarding engine, with iptables for policy enforcement, there is also growing interest around other data planes, such as the Vector Packet Processing platform (VPP) from the fd.io project, which runs in user space and leverages Intel Data Plane Development Kit (DPDK). Thanks to our friends in the community, particularly Matt Johnson at Cisco, for their help with this work!
- Behind the scenes, developers in the community will have already realized that some major chunks of Calico are now written in the Go programming language. This has enabled us not only to deliver some of the performance improvements mentioned above, but also to better align the project with many of the other open source projects with which we integrate, such as etcd, flannel, Docker, and Kubernetes (and GoBGP mentioned above), leading to easier installation and deployment in the future.
As you can tell, the above is the culmination of a lot of hard work and community collaboration. There are many more contributors than I have space to call out individually, and we are sincerely grateful to all of them for helping to make Calico the vibrant community that it is.
The result is that Calico v1.6 is now the networking and network policy solution of choice for production clouds. And with Calico v2.0 beta we are setting the foundation for the future of the project.
We hope you will try them out and share feedback/issues on GitHub, in the Calico Slack user group, or in the #calico IRC channel on freenode. And if you're in Seattle at KubeCon, please do grab one of us to chat, and/or join us at the party on Wednesday evening (RSVP required, here).